Microservices-Based RESTful URL Shortener on Kubernetes

Project Overview

This project is a fully containerized, distributed URL shortening service designed according to a microservices architecture. It consists of two independent yet interconnected Flask applications: an Authentication Service responsible for user management and JWT token issuance, and a URL Shortener Service that handles the core logic of creating, managing, and redirecting short links. The entire system is designed for high availability and scalability, deployed on a Kubernetes cluster with automated TLS certificate management and persistent data storage.

The Challenge

The main goal was to move beyond a monolithic application and build a robust, production-ready distributed system. This involved several key challenges: designing a clean separation of concerns between authentication and core business logic, implementing a secure communication protocol (JWT) between services, and mastering the complexities of cloud-native deployment. The project required a deep dive into containerization with Docker and orchestration with Kubernetes, including configuring networking with Ingress, managing persistent state with NFS-backed volumes, and automating security with cert-manager for SSL.

Key Features

• Decoupled Microservices: An independent Authentication Service handles user registration, login, and secure password updates, while the URL Shortener Service focuses on link management.
• JWT-Based Security: User access to the URL Shortener is secured via JSON Web Tokens, which are issued by the Auth service and verified by the Shortener service on each protected request.
• Full CRUD Functionality: Users can create, retrieve, update, and delete their own URL mappings.
• Persistent & Resilient Storage: Both services use SQLite databases backed by Kubernetes Persistent Volumes (via NFS) to ensure data integrity and persistence across pod restarts.
• Custom & Random Short IDs: Users have the flexibility to either specify a custom alias for their short links or let the system generate a unique, random ID.
• Usage Analytics: The system tracks and provides access statistics, counting the number of times each short link is clicked.
• Automated Kubernetes Deployment: The entire application stack, including services, ingress, and persistent storage, is defined in Kubernetes YAML manifests for repeatable, automated deployments.
• Automated SSL/TLS: Integrated with cert-manager and Let's Encrypt to automatically provision and renew SSL certificates, ensuring all traffic is served over HTTPS.

Technical Deep Dive

Backend:

• The backend is built as two distinct microservices using Python and the Flask framework, providing a lightweight and efficient foundation for the REST APIs.
• SQLite was chosen for its simplicity and file-based nature, making it ideal for demonstrating persistent storage concepts in Kubernetes using Persistent Volumes.
• The Authentication service implements JWT token generation from scratch using the HMAC-SHA256 algorithm, demonstrating a core understanding of authentication mechanics.
• Inter-service communication is handled via direct REST API calls within the Kubernetes cluster, utilizing Kubernetes' built-in service discovery.

DevOps/Deployment:

• Both services are fully containerized using multi-stage Dockerfiles for optimized, lightweight images. Docker Compose is provided for streamlined local development.
• The application is orchestrated with Kubernetes, with detailed manifests defining Deployments, Services, ConfigMaps, and Secrets.
• An NGINX Ingress Controller is used to manage external access, routing traffic to the appropriate service based on URL paths (/auth or /shortener).
• Secure HTTPS traffic is enabled out-of-the-box using cert-manager, which automates the entire lifecycle of SSL/TLS certificates from Let's Encrypt.
• A comprehensive Bash script (setup.sh) was developed to automate the provisioning of a multi-node Kubernetes cluster from scratch, showcasing strong infrastructure automation skills.

Personal Learnings

This project was a significant step in transitioning from theoretical knowledge to practical application of distributed systems and DevOps principles. I gained invaluable hands-on experience in designing and implementing a microservices architecture, including the nuances of inter-service communication and security with JWTs. The biggest learning curve was in the deployment process; I developed a deep understanding of Kubernetes concepts such as Pods, Deployments, Services, Persistent Volumes, and Ingress. Configuring cert-manager for automated SSL was a highlight, as it demystified the process of securing a web application in a production-like environment.